Virtual Lan

A VLAN consists of a network of computers that behave as if connected to the same link layer network - even though they may actually be physically connected to different Segments of a LAN. Network administrators configure VLANs through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs emerges when physically moving a computer to another location: it can stay on the same VLAN without the need for any hardware reconfiguration.

ADVANTAGES

Increase the number of broadcast domains but reduce the size of each '''broadcast domain''', which in turn reduces network traffic and increases network security (both of which are hampered in cases of single large broadcast domains).

Reduce management effort to create subnetworks.

Reduce hardware requirement, as networks can be separated logically instead of physically.

Increase control over multiple traffic types.

Create multiple logical switches in a physical switch.

PROTOCOLS AND DESIGN

The primary protocol currently used in configuring virtual LANs is IEEE 802.1Q , which describes how traffic on a single physical network can be partitioned into virtual LANs by tagging each frame or packet with extra bytes to denote which virtual network the packet belongs to.

Prior to the introduction of the 802.1Q standard, several proprietary protocols existed, such as Cisco 's ISL (Inter-Switch Link, a variant of IEEE 802.10 ) and 3Com 's VLT ( Virtual LAN Trunk ). ISL is no longer supported by Cisco.

Early network designers often configured VLANs with the aim of reducing the size of the Collision Domain in a large single Ethernet segment and thus improving performance. When Ethernet Switch es made this a non-issue (because they have no collision domain), attention turned to reducing the size of the Broadcast Domain at the MAC Layer . Virtual networks can also serve to restrict access to network resources without regard to physical topology of the network, although the strength of this method remains debatable as VLAN Hopping is a common means of bypassing such security measures.

Virtual LANs operate at Layer 2 (the Data Link Layer ) of the OSI Model . However, administrators often configure a VLAN to map directly to an IP network, or Subnet , which gives the appearance of involving Layer 3 (the Network Layer ).

In the context of VLANs, the term "trunk" denotes a network link carrying multiple VLANs, which are identified by labels (or "tags") inserted into their packets. Such trunks must run between "tagged ports" of VLAN-aware devices, so they are often switch-to-switch or switch-to-). A Router (Layer 3 device) serves as the Backbone for network traffic going across different VLANs.

On Cisco devices, VTP (VLAN Trunking Protocol) allows for VLAN Domains , which can aid in administrative tasks. VTP also allows "pruning", which involves directing specific VLAN traffic only to switches which have ports on the target VLAN.

ASSIGNING VLAN MEMBERSHIPS

The four methods of assigning VLAN memberships that are in use are:

Port-based: A switch port is manually configured to be a member of a VLAN. In order to connect a port to several VLANs (for example, a link with VLANs spanning over several switches) the port has to be member of a Trunk . Only one VLAN on a port can be set ''untagged'' (3Com's term) or ''access mode'' (Cisco's term); the switch will add this VLAN's tags to untagged received frames and remove this VLAN's tag from transmitted frames.

MAC-based: VLAN membership is based on the MAC address of the workstation. The switch has a table listing the MAC address of each machine, along with the VLAN to which it belongs.

Protocol-based: Layer 3 data within the frame is used to determine VLAN membership. For example, IP machines can be classified as the first VLAN, and AppleTalk machines as the second. The major disadvantage of this method is that it violates the independence of the layers, so an upgrade from IPv4 to IPv6 , for example, will cause the switch to fail.

Authentication based: Devices can be automatically placed into VLANs based on the authentication credentials of a user or device using the 802.1x protocol.

Port-based VLANs

A port based VLAN switch determines the membership of a data frame by examining the configuration of the port that received the transmission
or reading a portion of the data frame’s tag header. A four-byte field in the header is used to identify the VLAN. This VLAN identification indicates
what VLAN the frame belongs to. If the frame has no tag header, the switch checks the VLAN setting of the port that received the frame.

SEE ALSO

Virtual Private Network

Virtual Private LAN Service

VLAN, VPN And VPLS

Virtual Access Point

GARP VLAN Registration Protocol (GVRP)

REFERENCES

Andrew S. Tanenbaum , 2003, "Computer Networks", Pearson Education International, New Jersey.

EXTERNAL LINKS

IEEE's 802.1Q standard 1998 version ( 2003 version )

[http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/switch_c/xcvlan.htm Cisco's Overview of Routing between Virtual LANs]

Cisco's ''Bridging Between IEEE 802.1Q VLANs '' white paper

University of California's VLAN Information

OpenWRT guide to VLANs : Provides a good beginners guide to all VLANS

Some FAQ about VLANs

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

	CATEGORIES ABOUT VIRTUAL LAN

	local area networks

Information About

Virtual Lan